Notes on March 27, 2019 - building a highly available cluster with keepalived

Theoretical knowledge involved: VRRP protocol https://blog.csdn.net/zhyvodka/article/details/41800399

Preparation of experimental environment:

  • Three machines restore the snapshot and erase the experimental traces of LVS
  • linux2019_01(85.129): web1
  • Linux 2019_02 (85.128): Nginx load balancing 1
  • Linux 2019_03 (85.130): Nginx load balancing 2, also web2

Experimental steps:

  1. Install nginx service on two load balancing machines
[root@linux2019_02 ~]# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@linux2019_02 ~]# yum install -y nginx
[root@linux2019_02 ~]# vim /etc/nginx/conf.d/bbs_proxy.conf to configure load balancing
upstream bbs 
{
	server 192.168.222.129:443; 
	server 192.168.222.130:443;
}
server
{
	listen 80;
	server_name bbs.aibenwoniu.xyz;
	location /
	{
	    proxy_pass http://bbs;
	    proxy_set_header Host $host;
	    proxy_set_header X-Real-IP $remote_addr;
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}
[root@linux2019_02 ~]# systemctl start nginx

Install and deploy nginx service on another nginx load balancing machine

[root@linux2019_03 ~]# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@linux2019_03 ~]# yum install -y nginx
[root@linux2019_03 ~]# vim /etc/nginx/conf.d/bbs_proxy.conf to configure load balancing
upstream bbs 
{
	server 192.168.222.129:443; 
	server 192.168.222.130:443;
}
server
{
	listen 80;
	server_name bbs.aibenwoniu.xyz;
	location /
	{
	    proxy_pass http://bbs;
	    proxy_set_header Host $host;
	    proxy_set_header X-Real-IP $remote_addr;
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}
[root@linux2019_02 ~]# systemctl start nginx

Add: about upstream configuration https://blog.csdn.net/zwhfyy/article/details/70856035

  1. Deploy keepalived on two nginx load balancing machines
[root@linux2019_02 ~]# yum install -y keepalived
[root@linux2019_02 ~]# vim /etc/keepalived/keepalived.conf 
global_defs {
    notification_email {
    12345@126.com #Define who receives mail
}
notification_email_from #Define email address (not available)
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id 001
}

vrrp_script chk_nginx {
    script "/usr/local/sbin/check_ng.sh" //This script is used to monitor the
    interval 3
}

vrrp_instance linux2019_02 {
    state MASTER
    interface ens33 //Network card
    virtual_router_id 001
    priority 100 //Weight 100, which is greater than backup
    advert_int 1
    authentication {
	auth_type PASS
	auth_pass root //Define password
    }
    virtual_ipaddress {
	192.168.85.100 //Define VIP
    }

    track_script {
	chk_nginx //Define the monitoring script, which is consistent with the string after the VRR? Script above
    }
}

Install and deploy keepalived on another nginx load balancing machine

[root@linux2019_03 ~]# yum install -y keepalived
[root@linux2019_03 ~]# vim /etc/keepalived/keepalived.conf 
global_defs {
    notification_email {
    12345@126.com #Define who receives mail
}
notification_email_from #Define email address (not available)
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id 001
}

vrrp_script chk_nginx {
    script "/usr/local/sbin/check_ng.sh" //This script is used to monitor the
    interval 3
}

vrrp_instance linux2019 {
    state BACKUP
    interface ens33 //Network card
    virtual_router_id 001
    priority 90 //Weight 90, this value is valid for the master
    advert_int 1
    authentication {
	auth_type PASS
	auth_pass root //Define password
    }
    virtual_ipaddress {
	192.168.85.100 //Define VIP
    }

    track_script {
	chk_nginx //Define the monitoring script, which is consistent with the string after the VRR? Script above
    }
}

Add: how to configure the third-party email alarm in keepalived https://blog.csdn.net/HzSunshine/article/details/62052398

  1. Writing nginx monitoring script on two high availability machines
[root@linux2019_02 ~]# vim /usr/local/sbin/check_ng.sh 
#!/bin/bash#Time variable for logging
d=`date +%Y%m%d_%H:%M:%S`
#Calculate the number of nginx processes
n=`ps -C nginx --no-heading|wc -l`
#Start if process is 0 nginxļ¼ŒAnd detect it again nginx Number of processes,#If it is still 0, nginx cannot be started, and keepalived needs to be closed at this time
if [ $n -eq 0 ]
then
    systemctl start nginx  #Start command
    n2=`ps -C nginx --no-heading|wc -l`
    if [ $n2 -eq "0" ]; then
	echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
	systemctl stop keepalived
    fi
fi
[root@linux2019_02 ~]# chmod 755 /usr/local/sbin/check_ng.sh
[root@linux2019_02 ~]# systemctl start keepalived

Firewall problem: ensure the release of VRRP protocol and close SElinux

  • iptables -A INPUT -p vrrp -j ACCEPT
  • setenforce 0
  1. test
  • Stop the nginx service on the main server. Because there are nginx monitoring scripts, the nginx service will be automatically restored immediately;
  • The nginx configuration is modified incorrectly on the primary server, resulting in the unavailability of the nginx service. keepalived will immediately switch to the standby nginx load balancing machine, and change from BACKUP to MASTER

Tags: Nginx yum vim Linux

Posted on Sat, 30 Nov 2019 20:03:54 -0800 by new2phpcode